Diary and thoughtspace of Rune B. Broberg

Menu

Synchronizing Beehive 1.5.1 with Fedora Directory Server

The directory server we use at work is a Fedora Directory Server installation, running 4 nodes in a multi-master setup. We’ve been looking into migrating it to a Sun Java System Directory Server Enterprise Edition (sic) for a while, since I returned from the course in the US, but I haven’t had the time to get a proper test installation running yet. With Beehive 1.5.1 out, and given my enthusiasm for that, I decided to try and see if it would work with the Fedora Directory Server, even though it wasn’t supported.

I went with the template for synchronizing a Sun directory, as my sources had told me the two were very similar, in fact originally from the same source tree. The templates are pretty readable, but have manual handy for checking what some of the stuff means. One caveat: The attributes in the template are generally written like this:

<profile_name><enter profile name here></profile name>

What they expect you to write, is something like this:

<profile_name>Test profile</profile_name>

The extra angle brackets are just put there to confuse us 😉

My main concern at this point was that while I could define specific attribute values to mean external mail or not, it didn’t seem like this could be set merely by the presence of absence of attributes. I may have to re-think the directory structure slightly to address this.

When I added the profile using beectl, it turned out not to validate. Beehive was unable to find the directory server changelog. As it turns out, Beehive relies on an “old-fashioned” approach to synchronization between directory servers, and in fact one that can be enabled using a “Retro Changelog Plugin” for the Fedora Directory Server. So, if you’re on Google, trying to figure out how to make Beehive work with Fedora Directory Server: Use the Retro Changelog Plugin!

After setting this up, things seemed to just work. Now, there’s another little caveat: Beehive works with a concept of “principals”, that are your login credentials; In the default case your email for login and for instant messenging, and your phone number for voicemail. I changed the mail principal to be the user’s UID, but left them for IM and voicemail – meaning some users weren’t imported into Beehive, as it insists on the attributes used for this (mail and telephoneNumber) being unique in the directory. We have people who rightly have the same telephone number, for instance sharing an office, and Beehive doesn’t seem to like that. My idea of how to handle it: Make seperate attributes for voicemail-principals and instant messenging principals if you’re going to need those things, or disable them in the sync profile.

I would rather like for all our users to have an instant messenging principal that’s their UID @ some domain. I haven’t been able to find the option for it yet, and I’m not sure if it exists at all … if you know it doesn’t, and you’re a Beehive developer: Go fix this! 😉